1. Field of the Invention
The present invention relates to electronic commerce and, more particularly, to the facilitation of a transaction in electronic commerce.
2. Description of the Prior Art
Advancements in electronic communication technology, and reductions in the cost of data processing equipment have encouraged consumers, purchasing agents, merchants, suppliers, manufacturers, credit companies, banks and other institutions to expand their use of electronic commerce as a means for transacting business. In an electronic marketplace such as the Internet, parties to a transaction can exchange information in a manner, and at a rate, that is not available through other communication media. For example, a potential buyer and seller can be introduced to one another, the seller can promote its goods or services, and the buyer can select an item or service for purchase, essentially in real-time. That is, a transaction can be completed and recorded almost instantaneously.
Risks that may exist in an arm's-length transaction are further exacerbated in an electronic environment, where the exchange of information is streamlined. For example, in an electronic transaction the parties often do not have an established relationship with one another, and a party might assume an alias, or take other steps to remain anonymous. Furthermore, unlike in an arm's-length transaction, the true source or destination of information is often unknown to a party, and information, which may be confidential, could be acquired by a clandestine eavesdropper. Consequently, the field of electronic commerce is particularly susceptible to problems such as fraud, misrepresentation and misappropriation of confidential information.
Many organizations have taken affirmative steps to deal with these potential problems and to improve the level of confidence held by parties to such transactions. Methods have been developed to create electronic documents that are private and secure from unauthorized use. In a conventional system, an electronic document is usually converted into a secret form before transmission over a publicly accessible network. The process of converting information into a secret form is called “encryption” and a converted document is called an “encrypted” document. Some existing techniques in the field of cryptography are described in U.S. Pat. No. 5,872,849 to Sudia, entitled “Enhanced Cryptographic System And Method With Key Escrow Feature”, and U.S. Pat. No. 5,903,652 to Mital, entitled “System And Apparatus For Monitoring Secure Information In a Computer Network.”
Besides providing security, current systems also use encryption techniques to authenticate or “digitally sign” a document. While digital signatures authenticate documents, they differ significantly from handwritten signatures in that a digital signature “signs” a document by encrypting a portion of the document in a unique manner.
A cryptographic communications system also ensures the integrity of data transmissions by preventing an alteration by an unauthorized party. The cryptographic communications system can further ensure the integrity and authenticity of the transmission by providing for a recognizable document-dependent digitized signature such that a particular sender cannot deny that it is the source of the transmission.
A cryptographic system involves the encoding or encrypting of digital data transmissions to render them incomprehensible to all but the intended recipient. A message is encoded numerically and then encrypted using a complex mathematical algorithm that transforms the encoded message based on a given set of numbers or digits, also known as a cipher key. The cipher key is a sequence of data bits that may either be randomly chosen or have special mathematical properties, depending on the algorithm or cryptosystem used. A sophisticated cryptographic algorithm implemented on a computer can transform and manipulate numbers that are hundreds or thousands of bits in length and can resist any known method of unauthorized decryption. There are two basic classes of cryptographic algorithms: symmetric key algorithms and asymmetric key algorithms.
A symmetric key algorithm uses an identical cipher key for both encrypting by the sender of the communication and decrypting by the receiver of the communication. A symmetric key cryptosystem is built on the mutual trust of the two parties sharing the cipher key to use the cryptosystem to protect against distrusted third parties.
The second class of cryptographic algorithms, asymmetric key algorithms, uses different cipher keys for encrypting and decrypting. In a cryptosystem using an asymmetric key algorithm, a user makes the encryption key public and keeps the decryption key private, and it is not feasible to derive the private decryption key from the public encryption key. Thus, anyone who knows the public key of a particular user could encipher a message to that user, whereas only the user who is the owner of the private key corresponding to that public key can decipher the message.
Even in the absence of problems such as fraud and misrepresentation, and given that each party is aware of the true identity of the other, a transaction in electronic commerce can often be further enhanced by, and in some cases may even require, assurance of the business credentials of one or both parties. For example, a party's credentials are relevant when verifying its creditworthiness, or negotiating prices or contract terms. U.S. Pat. No. 5,809,144 to Sirbu et al., entitled “Method And Apparatus For Purchasing And Delivering Digital Goods Over A Network” describes a system in which a customer presents its credentials to a merchant by way of an encrypted transmission.
However, none of the aforementioned references describe a method or system in which the business credentials of a party are provided by an independent third party. Even if such credentials were available, none of these references describe a method or system that assists a party by evaluating the credentials of the other party in real time within the context of the underlying transaction. Furthermore, in a case where neither the identity of a corresponding party nor the identity of an organization that the party purports to represent is at issue, these references do not describe a technique for ensuring that the corresponding party is authorized to act on behalf of the identified organization.
There is a need for a system that facilitates a transaction in electronic commerce by providing information concerning the business credentials of a party to the transaction.
There is also a need for a system that evaluates the business credentials of the participants and makes a decision regarding the underlying transaction.
Additionally, there is a need for a system that verifies an affiliation between a correspondent and another entity with regard to a transaction in electronic commerce.